The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Ubuntu

vulnerability note CVE-2018-12232

Linux kernel: NULL pointer dereference via sock_close/sockfs_setattr

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, Ubuntu.
Severity: 1/4.
Creation date: 13/06/2018.
Identifiers: CERTFR-2018-AVI-408, CERTFR-2018-AVI-413, CVE-2018-12232, FEDORA-2018-bb7aab12cb, USN-3752-1, USN-3752-2, USN-3752-3, VIGILANCE-VUL-26414.

Description of the vulnerability

The Linux kernel product offers a web service.

However, it does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced via sock_close/sockfs_setattr of the Linux kernel, in order to trigger a denial of service.

vulnerability alert CVE-2018-5735

ISC BIND: assertion error via DNSSEC

Synthesis of the vulnerability

An attacker can force an assertion error via DNSSEC of ISC BIND, in order to trigger a denial of service.
Impacted products: Debian, Ubuntu.
Severity: 2/4.
Creation date: 19/02/2018.
Identifiers: CVE-2018-5735, DLA-1285-1, USN-3574-1, VIGILANCE-VUL-25321.

Description of the vulnerability

An attacker can force an assertion error via DNSSEC of ISC BIND, in order to trigger a denial of service.

Technical details are unknown.

computer vulnerability note CVE-2018-1000026

Linux kernel: denial of service via the bnx2x driver

Synthesis of the vulnerability

An attacker can block the network card driven by the bnx2x module of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Creation date: 12/02/2018.
Identifiers: CERTFR-2018-AVI-147, CERTFR-2018-AVI-165, CERTFR-2018-AVI-170, CERTFR-2018-AVI-196, CERTFR-2018-AVI-198, CVE-2018-1000026, FEDORA-2018-03a6606cb5, FEDORA-2018-7a62047e30, FEDORA-2018-884a105c04, openSUSE-SU-2018:0781-1, SUSE-SU-2018:0785-1, SUSE-SU-2018:0786-1, SUSE-SU-2018:0986-1, USN-3617-1, USN-3617-2, USN-3617-3, USN-3619-1, USN-3619-2, USN-3620-1, USN-3620-2, USN-3632-1, VIGILANCE-VUL-25279.

Description of the vulnerability

An attacker can block the network card driven by the bnx2x module of the Linux kernel, in order to trigger a denial of service.

vulnerability announce CVE-2018-1053

PostgreSQL: password disclosure via pg_upgrade

Synthesis of the vulnerability

The "pg_upgrade" tool creates world-readable temporary files that include passwords.
Impacted products: Debian, openSUSE Leap, PostgreSQL, RHEL, Ubuntu, WindRiver Linux.
Severity: 2/4.
Creation date: 08/02/2018.
Identifiers: CVE-2018-1053, DLA-1271-1, openSUSE-SU-2018:0523-1, openSUSE-SU-2018:0529-1, openSUSE-SU-2018:0688-1, RHSA-2018:2511-01, RHSA-2018:2566-01, USN-3564-1, VIGILANCE-VUL-25242.

Description of the vulnerability

The "pg_upgrade" tool creates world-readable temporary files that include passwords.

computer vulnerability announce CVE-2017-16911

Linux kernel: information disclosure via vhci_hcd

Synthesis of the vulnerability

An attacker can get kernel addresses via the vhci_hcd driver of the Linux kernel, in order to obtain sensitive information.
Impacted products: Debian, Linux, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 01/02/2018.
Identifiers: CERTFR-2018-AVI-161, CERTFR-2018-AVI-170, CERTFR-2018-AVI-197, CERTFR-2018-AVI-206, CERTFR-2018-AVI-224, CERTFR-2018-AVI-241, CERTFR-2018-AVI-408, CVE-2017-16911, DLA-1369-1, DSA-4187-1, SUSE-SU-2018:0834-1, SUSE-SU-2018:0848-1, SUSE-SU-2018:1080-1, SUSE-SU-2018:1172-1, SUSE-SU-2018:1309-1, USN-3619-1, USN-3619-2, USN-3754-1, VIGILANCE-VUL-25197.

Description of the vulnerability

An attacker can get kernel addresses via the vhci_hcd driver of the Linux kernel, in order to obtain sensitive information.

A detailed analysis was not performed for this bulletin.

vulnerability CVE-2018-5750

Linux kernel: address disclosure via the boot log

Synthesis of the vulnerability

A local attacker can read the log file for kernel boot messages, in order to get kernel addresses.
Impacted products: Debian, Fedora, Linux, RHEL, Ubuntu.
Severity: 1/4.
Creation date: 29/01/2018.
Identifiers: CERTFR-2018-AVI-198, CERTFR-2018-AVI-321, CVE-2018-5750, DLA-1349-1, DLA-1369-1, DSA-4120-1, DSA-4120-2, DSA-4179-1, DSA-4187-1, FEDORA-2018-884a105c04, FEDORA-2018-d09a73ce72, FEDORA-2018-d82b617d6c, RHSA-2018:0676-01, RHSA-2018:1062-01, USN-3631-1, USN-3631-2, USN-3697-1, USN-3697-2, USN-3698-1, USN-3698-2, VIGILANCE-VUL-25170.

Description of the vulnerability

A local attacker can read the log file for kernel boot messages, in order to get kernel addresses.

vulnerability announce CVE-2018-5784

LibTIFF: denial of service

Synthesis of the vulnerability

An attacker can trigger an overuse of resources in LibTIFF, in order to trigger a denial of service.
Impacted products: Debian, Fedora, LibTIFF, openSUSE Leap, Ubuntu, WindRiver Linux.
Severity: 1/4.
Creation date: 22/01/2018.
Identifiers: 2772, CVE-2018-5784, DLA-1391-1, DLA-1411-1, FEDORA-2018-e6a51e99a4, openSUSE-SU-2018:1204-1, USN-3602-1, USN-3606-1, VIGILANCE-VUL-25132.

Description of the vulnerability

An attacker can trigger an overuse of resources in LibTIFF, in order to trigger a denial of service.

Technical details are unknown.

computer vulnerability bulletin CVE-2017-12193

Linux kernel: NULL pointer dereference via assoc_array_apply_edit

Synthesis of the vulnerability

An attacker can force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.
Impacted products: Fedora, Linux, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 1/4.
Creation date: 02/11/2017.
Identifiers: CERTFR-2017-AVI-448, CERTFR-2017-AVI-454, CERTFR-2017-AVI-458, CERTFR-2018-AVI-321, CVE-2017-12193, FEDORA-2017-38b37120a2, FEDORA-2017-9fbb35aeda, FEDORA-2018-884a105c04, openSUSE-SU-2017:3358-1, openSUSE-SU-2017:3359-1, RHSA-2018:0151-01, SUSE-SU-2017:3210-1, SUSE-SU-2017:3249-1, SUSE-SU-2017:3398-1, SUSE-SU-2017:3410-1, USN-3507-1, USN-3507-2, USN-3509-1, USN-3509-2, USN-3509-3, USN-3509-4, USN-3698-1, USN-3698-2, VIGILANCE-VUL-24308.

Description of the vulnerability

The Linux kernel product offers a web service.

However, it does not check whether a pointer is NULL before using it.

An attacker can therefore force a NULL pointer to be dereferenced via assoc_array_apply_edit() of the Linux kernel, in order to trigger a denial of service.

computer vulnerability announce CVE-2017-16227

Quagga: memory corruption via AS_PATH Long Paths Update Message

Synthesis of the vulnerability

An attacker can generate a memory corruption via AS_PATH Long Paths Update Message of Quagga, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Fedora, openSUSE Leap, Solaris, Quagga, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Creation date: 30/10/2017.
Identifiers: bulletinapr2018, CVE-2017-16227, DLA-1152-1, DSA-4011-1, FEDORA-2017-7d25605e98, FEDORA-2017-df3032c978, openSUSE-SU-2018:0473-1, SUSE-SU-2018:0455-1, SUSE-SU-2018:0456-1, SUSE-SU-2018:0457-1, USN-3471-1, VIGILANCE-VUL-24267.

Description of the vulnerability

An attacker can generate a memory corruption via AS_PATH Long Paths Update Message of Quagga, in order to trigger a denial of service, and possibly to run code.

A detailed analysis was not performed for this bulletin.

computer vulnerability alert CVE-2017-13721

X.Org Server: memory corruption via Xext/shm Shmseg Resource Id

Synthesis of the vulnerability

An attacker can generate a memory corruption via Xext/shm Shmseg Resource Id of X.Org Server, in order to trigger a denial of service, and possibly to run code.
Impacted products: Debian, Solaris, Slackware, Ubuntu, XOrg Bundle ~ not comprehensive.
Severity: 2/4.
Creation date: 05/10/2017.
Identifiers: bulletinjan2018, CVE-2017-13721, DSA-4000-1, SSA:2017-279-03, USN-3453-1, VIGILANCE-VUL-24026.

Description of the vulnerability

An attacker can generate a memory corruption via Xext/shm Shmseg Resource Id of X.Org Server, in order to trigger a denial of service, and possibly to run code.

A detailed analysis was not performed for this bulletin.